Bypassing peoplesoft signon.

Hi,
I am facing a certain situation in which the user wants that he should be logged into the peoplesoft system without giving peoplesoft user id and password, instead whenever the user will click on the link for peoplesoft, his NT login and password should be cosidered for authentication and thus bypassing the peoplesoft signon.Has anybody come across such problem??
Please help me in this,
Thanks in Advance,
Regards,
Aniruddha.

In practice a user would log onto his PC, his certificate loads and he enters a password into a utility such as Entrust (or this can be the same as the PC login). In PeopleSoft the web server has a server certificate. the two certificates guarantee the connecting. The user can now bypass PS login because he is already authenticated. It may be necessary to modify the signon PeopleCode but this is not difficult.

Yes, we are running PeopleTools 8.44.04, and Enterprise Portal 8.8. We are
trying to bypass logon for the GUEST Account and following Global Support's
solution that defers from PeopleBooks. I am still dealing with PeopleSoft on
this.

First, a question for Bill on Tools 8.44. Have you found that the Guest id does not timeout in this tools version? We are experiencing this problem currently and I have a PS case open.

Second, we are doing a proof of concept with Bypass Signon and RSA ClearTrust. ClearTrust is already in place as our corporate "single signon" solution. The user logs into a special login page with the cmd=3Dstart instead of cmd=3Dlogin using their Network id and password. The bypass signon is enabled on the PS webserver and the user is logged in as the "guest" userid identified in the webserver config file. Then some custom signon peoplecode is triggered to get the userid from the http header and the user is then "switched" from the guest to their actual userid.

Another option is to enable the bypass signon on the PS webserver and direct the user to a "homepage" tab instead of the normal login url. The user would then automatically be logged in as "guest". This is only recommended for displaying generic information. A homepage url is identified by the "h" in the url < http://server:port/psp/xxx/EMPLOYEE/HRMS/h/?tab=3D DEFAULT >. If you were using Enterprise Portal you could then display a login pagelet for the user to login with their PS userid. You could enable LDAP authentication so that the network id and password could be used here.

RSA ClearTrust is similar to SiteMinder and you can search Customer Connection for information on both.

We just got Guest ID Logon bypass working yesterday using the recommended
Portal approach - turning this on via PeopleTools. We forgot to add
Permissions to the Guest account to see our custom Pagelets.

Regarding timeout, I suspect we will shortly encounter this problem. We
haven't had time to experience it yet.

You can check the timeout by viewing the source after you login. When we use bypass signon to login the source has some code ...timeout =3D xxx, where xxx is a huge number (in milliseconds). When we login via regular PS login page and view source, this code has the number equivalent to the 20 minutes (12000000 milliseconds) that is set on the web server.

We are trying to take a very simple/basic approach with allowing GUEST access and bypassing the Signon page. We are not (at this time) dealing with LDAP nor Single Sign-on.

We have ensured that the GUEST account does exist, and we can successfully log in with that account from a signon page. We have added the parameters to the configuration.properties file:
byPassSignOn=true
defaultUSERID=GUEST
defaultPWD=GUEST

We can not jump directly to a specified URL located inside our application.

Yes, the GUEST account does have access to the page I am trying to "jump" directly to.

I logged in as GUEST and navigated to a page, and then copied that URL to a text file, and then try to open the URL directly with another browser window, expecting to be automatically logged in, but no success.

When you have set up the bypass signon in the configuration files, you
still need to get the user to the right page. We have set up a course
catalog that uses bypass signon successfully. We set up a PIA called
courses - http://paws.frostburg.edu/courses

The index.html file for the above url contains a one line javascript which
I will put below. I fear that if I include the html script directives,
that this list will delete it from the email so I will just insert the
single javascript line itself:

You should not continue to use signon.html after setting bypass signon
since signon.html will ALWAYS make you authenticate. The bypass signon
feature will only kick in when you make a direct link to a page inside
peoplesoft.

Instead of http://server:port/psp/xxx/signon.html or ?cmd=3Dlogin, now use http://server:port/psp/xxx/?cmd=3Dstart. Using "start" will cause the webserver to check if bypass signon is enabled...if it is, it will login with the GUEST id you have configured.

Another way to enter is to go directly to the page that the guest id has access to. This would be something like http://server:port/psp/xxx/EMPLOYEE/EMPL/h/?tab=3D PAPP_GUEST. To find it for your application login with GUEST and copy the url. When this url is placed directly in the browser or access via a link, it will log you right in as GUEST.

Hi Karen
Yes in the webserver configuration.properties file of the webserver i have setup the following values:
byPassSignOn=true
defaultUSERID=GUEST
defaultPWD=GUEST

But still when the i use the following link from a custom page "http://webserver address :port/psp/domain name/EMPLOYEE/HRMS/h/?tab=DEFAULT the login page (Signin.html) is displayed with a message saying that userid and password are required.
Please advice.
Thanks and Regards
Partha

Hi Andy
Yes i am trying to get the user login directly to the home page. So i am using the following link "http://webserver address :port/psp/domain name/EMPLOYEE/HRMS/h/?tab=3DDEFAULT". But always the login page is displayed with the message that the "Userid and Password are required.".
We are on PT 8.4 HRMS 8.8. So we cannot use iclient servlet and so using psp servlet.

What tools are you on? In 8.44, the configuration.properties file is no
longer used. Instead, Web Profiles are used and you do your setup
there. Not sure about 8.43, but in 8.42 the configuration.properties was
still used. There is one other parameter in configuration.properties that
we had set that may help EnableDirectLink. Here is the snippet from our
8.19 config file. I don't know if this is in 8.4x or not:

# If set to true, Direct Link feature will be enable. Direct Link allows
user accesses a peoplesoft component
# link from a non-peoplesoft navigation and see the component page after
login. This should only be
# used when using a non-peoplesoft navigation.
# Default: false
enableDirectLink=true

I may have to try setting this up in 8.44 and see what happens.

Andy Wolodkin

At 12:09 AM 07/08/2004, you wrote:

>Hi Andy
>Yes i am trying to get the user login directly to the home page. So i am
>using the following link "http://webserver address :port/psp/domain
>name/EMPLOYEE/HRMS/h/?tab=DEFAULT". But always the login page is displayed
>with the message that the "Userid and Password are required.".
>We are on PT 8.4 HRMS 8.8. So we cannot use iclient servlet and so using
>psp servlet.
>
>Thanks.
>Partha
>

In 8.44.xx, even though configuration.properites is pared down (it is still used) and the setup is done online via Web Profile, there is still an xml file on the webserver that contains the settings configured in Web Profile. The webserver STILL needs rebooted and cache cleared after changes to Web Profile are made.

Actually the settings you make in the Web Profile are stored in a table
called PSWEBPROFILE. So if for some reason you can't logon to make changes
you can change this table using SQL from the backend. Just wanted to clear
this up.

Hi All
I got the single signon to work. But now i have another problem and want your help.

I have a requirement to read a session cookie from Sign On PeopleCode. This cookie will have user id info and the PeopleCode will read this userid and set the rpofile of to that userid. But my signon PeopleCode is unable to read the cookies.

Following is a piece of Javascript that is setting up a session cookie:

Hi All,
I am also doing the same kind of thing=2E We have to authenticate with Active Directory and we are using PT 8=2E20 and HR 8=2E3 But the problem here is that we don't have any third party tool still the client wants to enable single signon=2E Which means somehow retriving network userid and password and then bypass signon window and authenticate it with Active Directory=2E=2E=2E=2E
Everything in disussion I understand but I need help how would I get the value of network id and password in the %request=2E
If anybody can help me with this then it would be a great help=2E
Thanks in advance

Hi Andy,
Please tell me how to create a PIA for this. Also let me know how the Default "user Id" and "Password" I defined in configuration.properties file, is replaced with the Network User ID and password.

I'm sorry, but I just don't have that kind of time. The process of PIA creation is explained completely in the PeopleSoft installation guides. This forum is more to resolve problems than to provide fundamental training to novices.

The process itself is pretty straightforward once you sit down with the installation guide and install everything. I did this personally several times on workstations when I was first starting just to get a "feel" for how things interconnected. I did NOT find the PeopleSoft system administration class to be useful. I had already installed peoplesoft several times when I went and I found the course to simply direct students to run scripts. It just didn't seem to be preparing people to actually do an install. I went with another guy who had never installed peoplesoft and he left having no clue what he was doing.

You are just going to have to give up a week or so stepping carefully through the installation guides and familiarizing yourself with the different tasks. It's really the only way I know of to learn how to do this.

On the other hand, it may be that creating a PIA is not something your position should be doing and that there is someone else on staff who does these things. If you have an existing PeopleSoft implementation and you do not know how to create a PIA, then I suggest that someone else in your company does. You need to find them and tell them what you need. They will understand my previous e-mail. Good luck with your project.

Copyright 1998-2015 Ziff Davis, LLC (Toolbox.com). All rights reserved. All product names are trademarks of their respective companies. Toolbox.com is not
affiliated with or endorsed by any company listed at this site.